Re: Jabber MRA cannot connect to phone services - Page 2

stephen.widjaja · ‎03-17-2016

Hello,

I have problem with Jabber MRA phone services. IM&P server already connected, i can chat and the presence is active and from internal everything works fine.

Attached the Expressway-C and Expressway-E log from diagnostic logging.

Here's what i get from the Expressway Core log :

2016-03-18T10:37:52+07:00 ewcore tvcs: UTCTime="2016-03-18 03:37:52,154" Module="network.sip" Level="INFO": Action="Received" Local-ip="10.0.146.111" Local-port="25342" Src-ip="10.0.146.112" Src-port="7002" Detail="Receive Response Code=401, Method=OPTIONS, CSeq=49508, To=sip:10.0.146.112:7002, Call-ID=1a9465009b4a7bea@10.0.146.111, From-Tag=2d60d8a54368916f, To-Tag=a22db56e2788607c, Msg-Hash=6067509367321149832"
2016-03-18T10:37:52+07:00 ewcore tvcs: UTCTime="2016-03-18 03:37:52,154" Module="network.sip" Level="DEBUG": Action="Received" Local-ip="10.0.146.111" Local-port="25342" Src-ip="10.0.146.112" Src-port="7002" Msg-Hash="6067509367321149832"
SIPMSG:
|SIP/2.0 401 Unauthorised
Via: SIP/2.0/TCP 10.0.146.111:5060;branch=z9hG4bKca591ec0b9e96167cac09b7825ef48e214923;received=10.0.146.111;rport=25342
Call-ID: 1a9465009b4a7bea@10.0.146.111
CSeq: 49508 OPTIONS
From: <sip:10.0.146.111>;tag=2d60d8a54368916f
To: <sip:10.0.146.112:7002>;tag=a22db56e2788607c
Server: TANDBERG/4132 (X8.7)
WWW-Authenticate: Digest realm="Traversal Zone", nonce="7f39b9db989f9d7bbe2edf5c0a1e7a3962f130e51b50b073589b0d3a7c4e", opaque="AQAAAC5AJ8ihzAINCUVOmsCl6OFd+7UL", stale=FALSE, algorithm=MD5, qop="auth"
Content-Length: 0

2016-03-18T10:37:52+07:00 ewcore traffic_server[29909]: UTCTime="2016-03-18 03:37:52,553" Module="network.http.trafficserver" Level="INFO": Detail="Sending Request" Txn-id="1122" Dst-ip="10.0.146.105" Dst-port="6972" Msg="GET /jabber-config.xml HTTP/1.1"
2016-03-18T10:37:52+07:00 ewcore traffic_server[29909]: UTCTime="2016-03-18 03:37:52,553" Module="network.http.trafficserver" Level="DEBUG": Detail="Sending Request" Txn-id="1122" Dst-ip="10.0.146.105" Dst-port="6972"
HTTPMSG:
|GET /jabber-config.xml HTTP/1.1
Host: cucm.demo.astra.co.id:6972
Accept: */*
User-Agent: Jabber-OSX-654
X-Forwarded-For: 114.124.4.113, 127.0.0.1
Via: https/1.1 vcs[0A009270] (ATS), http/1.1 vcs[0A00926F] (ATS)

|

2016-03-18T10:37:52+07:00 ewcore traffic_server[29909]: UTCTime="2016-03-18 03:37:52,605" Module="network.http.trafficserver" Level="INFO": Detail="Receive Response" Txn-id="1122" Src-ip="10.0.146.105" Src-port="6972" Msg="HTTP/1.1 404 Not Found"
2016-03-18T10:37:52+07:00 ewcore traffic_server[29909]: UTCTime="2016-03-18 03:37:52,605" Module="network.http.trafficserver" Level="DEBUG": Detail="Receive Response" Txn-id="1122" Src-ip="10.0.146.105" Src-port="6972"
HTTPMSG:
|HTTP/1.1 404 Not Found
Content-length: 0
Content-type: */*

|

2016-03-18T10:37:52+07:00 ewcore traffic_server[29909]: UTCTime="2016-03-18 03:37:52,606" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="1122" Dst-ip="127.0.0.1" Dst-port="35055" Msg="HTTP/1.1 404 Not Found"
2016-03-18T10:37:52+07:00 ewcore traffic_server[29909]: UTCTime="2016-03-18 03:37:52,606" Module="network.http.trafficserver" Level="DEBUG": Detail="Sending Response" Txn-id="1122" Dst-ip="127.0.0.1" Dst-port="35055"
HTTPMSG:
|HTTP/1.1 404 Not Found
Content-length: 0
Content-type: */*
Date: Fri, 18 Mar 2016 03:37:52 GMT
Age: 0
Connection: keep-alive
Server: CE_C

Jonathan Unger · ‎06-22-2016

Hi Ben,

I would suggest disabling any sort of SIP ALG or SIP inspection/filtering as a start.

There is an article on the Checkpoint site on how to do this (not sure if it is applicable to your version of Checkpoint).

https://www.checkpoint.com/smb/help/utm1/8.1/8922.htm

Ben Morgan · ‎07-21-2016

Hi Jonathan,

Ive got it to a stage where my jabber client can receive the incoming alert..I can answer the call. My Jabber client, thinks its in a call.. but the Internal endpoint continues to hear ringback.

I also , cannot make a call to an internal phone.. again my Jabber client thinks its dialing out.. but the internal phone doesnt receive the SIP signalling.

Would you think TAC may have some references for checkpiont FWs?

Jonathan Unger · ‎08-03-2016

Hi Ben,

Hard to say, I know TAC is aware that an application override is required for PA firewalls, but I am not sure if they would have any checkpoint specific advice.

It does sound like there is a signaling issue at play here. The best way to approach this from a troubleshooting perspective would be:

1. Start diagnostic logging on EXP-C and EXP-E (with a packet capture)

2. Make the test call involving your jabber endpoint

3. Take the jabber troubleshooting log (Help > Report a problem)

4. Download the CM trace from the UCM cluster

Once you have those logs it should be fairly simple to compare the signaling being sent/received on the MRA client with the signaling taking place on the EXP-C, EXP-E, and CUCM.

If things are not lining up then it will help confirm a firewall issue.

Cristian Boboc · ‎07-19-2017

Hi Ben/everyone,

Where you able to get the problem fixed? What was the solution?

Thanks

Jonathan Unger · ‎03-29-2016

Hi Stephen,

Did you find anything on the firewalls which could have caused a block?

stephen.widjaja · ‎03-29-2016

Hi Jonathan,

Not yet, last update from my customer is they've called the firewall vendor to disable the SIP inspection.

Jonathan Unger · ‎05-10-2016

Hi Stephen,

Just curious as to whether you were able to get this issue sorted out?

Please let us know if you need any help!

- Jon

Nathan Gageby · ‎10-26-2016

Could you elaborate on what we should do if we find red text as in question 2?

SwathyEdayath · ‎11-05-2017

Dear Jonathan,

We have the same problem in our network . below are the answers to your questions .

1.configured

2.Yes, are entries are red

3.Yes

4.X8.8.1, cucm 11.0

5. Yes, But no luck . kindly suggest .

SwathyEdayath · ‎11-06-2017

The issue has been resolved !! There was a trunk pointing to Expc from CUCM, which was deleted .

andriansyahagung · ‎09-17-2017

Hello Stephen,

Did you solve this issue yet? because i have same exact issue as yours.